Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-460 | Improper Cleanup on Thrown Exception: The product does not clean up its state, or incorrectly cleans up its state, when an exception is thrown, leading to unexpected state or control flow. | | 1 | 2 | 1 | 0 | 4 |
CWE-257 | Storing Passwords in a Recoverable Format: The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords, since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute-force search on the available information, the administrator can use the password on other accounts. | | 0 | 3 | 1 | 0 | 4 |
CWE-648 | Incorrect Use of Privileged APIs: The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. | | 0 | 2 | 2 | 0 | 4 |
CWE-592 | DEPRECATED: Authentication Bypass Issues: This weakness has been deprecated because it covered redundant concepts already described in CWE-287. | | 0 | 0 | 1 | 2 | 3 |
CWE-21 | Pathname Traversal and Equivalence Errors: Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels. | | 0 | 2 | 1 | 0 | 3 |
CWE-920 | Improper Restriction of Power Consumption: The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes. | | 0 | 1 | 2 | 0 | 3 |
CWE-322 | Key Exchange without Entity Authentication: The software performs a key exchange with an actor without verifying the identity of that actor. | | 0 | 1 | 2 | 0 | 3 |
CWE-440 | Expected Behavior Violation: A feature, API, or function being used by a product behaves differently than the product expects. | | 0 | 2 | 1 | 0 | 3 |
CWE-1287 | Improper Validation of Specified Type of Input: The product receives input that is expected to be of a certain type, but it does not validate, or incorrectly validates, that the input is actually of the expected type. | | 0 | 2 | 1 | 0 | 3 |
CWE-202 | Exposure of Sensitive Data Through Data Queries: When trying to keep information confidential, an attacker can often infer some of the information by using statistics. | | 1 | 2 | 0 | 0 | 3 |